When software is installed in a system (particularly a telecommunication system), it is often necessary to establish service logins within the system for maintenance personnel. These service logins must be very secure to prevent the existence of the login not only from presenting a security risk for the customer but also from being compromised by the customer who can then change the software and right-to-use restrictions for the software. As used herein, a “login” refers to a sequence of symbols or a combination of symbol sequences, such as a user ID or login name and a password and/or a key, that must be correctly inputted into a computational component for a user to be authorized to perform one or more functions using or otherwise involving the computational component. As will be appreciated, a “password” is a unique character or sequence of characters known to a computational component and to a user who must specify the character or character sequence to be authorized to perform one or more functions using or otherwise involving the computational component and a “key” is a sequence of symbols used with a cryptographic algorithm for encrypting or decrypting data. Examples of keys include key-encrypting keys, key-exchange keys, master keys, private keys, and public keys.
In designing a method for initializing the service logins on the system, it is desirable to meet a number of criteria. First for maximum security, each service login should have a unique access key. Second the service login access keys should be established in the system software not only when it is shipped with the system but also at the time of system installation. Default passwords, once compromised, provide little, if any, meaningful security. The software that is shipped with the system should be capable of being distributed electronically and of being copied so that a single copy can be used to install multiple systems. Third, the service logins should be capable of being initialized by a non-trusted person who does not have login privileges without compromising the login access keys. For example, many telecommunication systems are installed by technicians and business partners that are not allowed to have knowledge of the access keys. Fourth, once the logins are initialized the access key information must be known to the manufacturer or system maintenance provider. This is needed to permit service personnel to login using the access keys in the future for system maintenance. Fifth, the service logins should be able to be initialized without requiring a network or data connection from the manufacturer's or system maintenance provider's system directly to the customer's system as such direct communication is not always possible. Sixth, any system to initialize services logins should be available globally as most manufacturer's sell systems internationally. Seventh, a mechanism should be provided to ensure that the service logins are initialized on the customer's system before installation can be completed. Systems cannot be serviced without the service logins being initialized. Eighth, the access keys should be able to be updated or changed after initialization in the event that an access key is compromised. Finally, a mechanism should be provided to ensure that the login access keys for a given system can only be installed on the intended system. If the access key is installed on the wrong system, it would not be possible to access that system since its access keys would be different than those listed in the manufacturer's/maintenance provider's database.